Security News > 2020 > November > CERT/CC: 'Sensational' bug names spark fear, hype – so we'll give flaws our own labels... like Suggestive Bunny

CERT/CC: 'Sensational' bug names spark fear, hype – so we'll give flaws our own labels... like Suggestive Bunny
2020-11-03 06:02

Named security incidents recently have editorialized their own importance with fear-mongering monikers like Heartbleed, Meltdown, Spectre, and Foreshadow, and Fallout and ZombieLoad. Not all do so.

"Sensational names are often the tool of the discoverers to create more visibility for their work," explained Leigh Metcalf, senior network security research analyst at the CMU's CERT/CC, on Friday.

"Generating neutral names really only tests whether names are more memorable than numbers."

"We fully expect researchers to keep naming vulnerabilities and do not intend Vulnonym to somehow supplant those names," they said.

"Vulnonym covers the other 99 per cent of vulnerabilities that don't get bespoke names, and also calls attention to the element of FUD that is sometimes incorporated into names."


News URL

https://go.theregister.com/feed/www.theregister.com/2020/11/03/cert_bug_names/